Saturday, January 11, 2020

Who Needs Cybersecurity?

While getting my morning coffee, I was asked an interesting question.  A gentleman noticed my “Cyber Security Services Division” hat and asked me if I really worked in cybersecurity.  I explained that I did and that I worked for the U.S. Department of Agriculture.  After some more discussion, he then asked me “Why does the U.S. Department of Agriculture need cybersecurity?”  The short answer to that question that I gave him is that since we are a government agency, we are required by law to have effective and continuously monitored security for our information systems under what is known as the Federal Information Systems Management Act (FISMA).

When many people think of the need for cybersecurity programs, the things that seem to come to mind most often are large organizations that deal with financial/banking, healthcare, large retail that deals with credit card payments, and those with large industrial control systems. There are various pieces of legislation and information security standards that these businesses must follow, or risk criminal and civil prosecution and penalties. The thing that all of these large businesses have in common is that they deal with the information assurance principles of confidentiality, integrity, and availability, or what is often referred to as the C-I-A triad. There are numerous privacy and business proprietary information issues (confidentiality), transaction and data accuracy issues (integrity), and service “up time” issues (availability).

In reality, though, the C-I-A triad of information assurance applies not only to large businesses, but to small businesses and households as well. EVERYBODY needs good security practices, including small businesses and even home users. Cybersecurity is not just about following laws and staying out of the legal system. The need for responsible and purposeful cybersecurity practices is about meeting an obligation to customers, employees, the business itself, and family members.

As I often tell people, information security needs to be baked in, not sprinkled on.  What that means is that even small businesses need to think about good information security practices from the very first day of setting up the business, to the day the doors first open, and then all throughout the business’s existence.  Even home users should give some thought to using strong passwords for their personal accounts, practicing good email habits, such as NOT clicking on every link emailed to them without scrutiny, and securing their home WiFi routers.

Cybersecurity is for everyone, not just large enterprise networks with large IT and security budgets. Implementing many security best practices is inexpensive.

If you are in Northern Colorado, contact me and ask about the various cybersecurity checklists and assessments that you can do, even at the small-business level, that will help you easily and inexpensively implement good practices, and keep your employees, customers, and even home users safer while online.